What is claimed is:

1. A method, comprising:
based on policy rules, creating an access control list adapted to configure a network device; and
using the access control list to generate access filters.

2. The method of claim 1 further comprising expanding the policy rules into value groups that represent conditions associated with the policy rules.

3. The method of claim 2 further comprising excluding conditions that would otherwise be implied by the rules.

4. The method of claim 3 further comprising resolving inconsistent conditions that result from expanding the policy rules and excluding the policy rule conditions.

5. The method of claim 1 further comprising creating at least one array of included or excluded conditions from the policy rules.

6. The method of claim 5 wherein generating the access filters further comprises:
adding filters adapted to control access of a device to another component in the network.

7. The method of claim 6 further comprising generating deny filters by combining the at least one array of excluded conditions and the at least one array of included conditions.

8. The method of claim 6 further comprising generating permit filters by combining the at least one of the arrays of the included conditions with the remaining arrays of included conditions.

9. A computer network, comprising:
a first device adapted to disseminate policy rules in the network; and
a second device adapted to receive the policy rules disseminated on the network by the first device and adapted to:
based on policy rules, create an access control list adapted to configure the at least one device from the filters;
and to use the access control list to generate access filters from the translated policies.

10. The system of claim 9 wherein the second device further comprises a permit filter.

11. The system of claim 10 further comprising a plurality of data-storage devices adapted to permit access to the second device.

12. The system of claim 9 wherein the second device further comprises a deny filter.

13. The system of claim 12 further comprising a plurality of data-storage devices adapted to deny access to the second device.

14. An article comprising a computer-readable medium which stores computer executable instructions for managing policy rules on a network, the instructions causing a computer to:
based on policy rules, create an access control list adapted to configure the devices from the simplified rules; and
use the access control list to generate access filters.

15. The article of claim 14 further comprising instructions to expand the policy rules into value groups, wherein value groups represent conditions associated with the policy rules.

16. The article of claim 15 wherein the instructions to translate the policy rules further includes instructions to exclude conditions that would otherwise be implied by the policy rules.

17. The article of claim 16 wherein the instructions to translate the policy rules further includes instructions to resolve inconsistent conditions that result from expanding the policy rules and excluding the policy rule conditions.

18. A network device, comprising:
a configurable management process located on the device having instructions to:
receive the policy rules in a network device;
translate the policy rules to a set of simplified rules;
create an access control list adapted to configure the devices from the simplified rules; and
use the access control list to generate access filters.

19. The device of claim 18 further comprising a connection to an external network.
20. The device of claim 19 wherein the external network is a local area network.

21. The device of claim 19 wherein the external network is the Internet.

22. A method of managing access by a device on a network to another component on the network, comprising:
providing policy rules that determine the access of the device to the component.

23. The method of claim 22 wherein the policy rules comprise:
an access control list including the conditions that allow the device to access the component; and
filters for implementing the access.

24. The method of claim 22 wherein the access control list comprises include and exclude arrays that are combined to generate the filters.
